jewel: rgw: swift anonymous access doesn't work in jewel
#3 Updated by Nathan Cutler about 1 year ago
- Description updated (diff)
In ceph jewel, it is possible to store swift read acls of the form ".r:*", but these do not have the expected effect of allowing "anonymous" access to the bucket contents. In more recent versions of ceph (luminous/master), this works fine. This problem manifests when using keystone and rgw_swift_account_in_url. From the logs, it appears that the tenant from the URL is being ignored.
luminous/master have very different code for this functionality, so this isn't a simple backport. However, the fix appears to be easy: just a few lines in rgw_rest_swift.cc to set the tenant seems to suffice.